Username/password

[pbellc]

I am looking for very, very basic HTML username/password protection. The information that is being "protected" is really not that sensitive, I just want to make sure that the right users access the right pages. I know that more sophisticated security is available, but really I am only ensuring proper routing. Is there a really simple, method available? Thanks.

pc

 

[mwolf00]

Easiest/least secure (view source will defeat)

<script>
pswd = prompt(&quot;Enter password&quot
if (pswd != &quot;myPassword&quot{
document.location = &quot;anotherPage.htm&quot;
}
</script>

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[pbellc]

I need something a little stronger than that (I didn't even need to enter &quot;mypassword&quot; to get access). Something like that, but maybe a little tighter. I know this is a dumb question, so I really appreciate any answer. Thanks a bunch.

pc

 

[mwolf00]

hmm - are you sure that you didn't have to enter &quot;myPassword&quot; to enter? It's even case sensitive here...

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[mwolf00]

Did you put it at the top of your page?

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[GUJUm0deL]

Shouldn't it be:

<script>
function access() {
var pswd = prompt(&quot;Enter password&quot
if (pswd == &quot;myPassword&quot {
window.location.href = &quot;newpage.html&quot;;
}
else {
alert(&quot;wrong password entered&quot;
return false;
}
}
</script>


This will check if the pswd is equal to &quot;myPassword&quot;, if it is then newpage.html will load, and if not then an alert is thrown.

To run the function, place this in the <form> tag, like this:
<form onClick=&quot;return access();&quot;>

I have this little thing, Advanced Delusionary Schizophrenia with Involuntary Narcissistic Rage.
It's no big deal really...

 

[SPYDERIX]

Hi,

Can you use .htaccess? Just put an .htaccess and .htpasswd file within the directory you want to protect and when you try to access it a popup will come up and if that fails then you will get an error.

Hope this helps!

Nate

http://www.mainframe-webdesign.com

 

[mwolf00]

here's a little more sneaky way to check for &quot;myPassword&quot;

<script>
pswd = &quot;&quot;
pswd = prompt(&quot;Enter password&quot;,&quot;&quot
pswdArr = new Array(109,121,80,97,115,115,119,111,114,100)

if (pswd.length != pswdArr.length){
document.location = &quot;anotherPage.htm&quot;
}
for (x=0; x<pswd.length; x++){
if(pswd.charCodeAt(x) != pswdArr[x]){
document.location = &quot;anotherPage.htm&quot;
}
}
</script>

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[pbellc]

Thanks for all the great responses. I found another option that was just as easy:

in he <HEAD>
<SCRIPT LANGUAGE=&quot;JavaScript&quot;>

function Login(){
var done=0;
var username=document.login.username.value;
username=username.toLowerCase();
var password=document.login.password.value;
password=password.toLowerCase();
if (username==&quot;user1&quot; && password==&quot;pword1&quot { window.location=&quot;page1.htm&quot;; done=1; }
if (username==&quot;user2&quot; && password==&quot;pword2&quot { window.location=&quot;page2.htm&quot;; done=1; }
if (username==&quot;user3&quot; && password==&quot;pword3&quot { window.location=&quot;page3.htm&quot;; done=1; }
if (done==0) { alert(&quot;Invalid login!&quot; }

in the <BODY>
<form name=login>
<table width=225 border=0 cellpadding=3>
<tr><td><font color=&quot;#FFFFFF&quot;>Username:</td><td><input type=text name=username></font></td></tr>
<tr><td><font color=&quot;#FFFFFF&quot;>Password:</td><td><input type=password name=password></font></td></tr>
<tr><td colspan=2 align=center><input type=button value=&quot;Login!&quot; onClick=&quot;Login()&quot;></td></tr>
</table>
</form>

becuase it is in an hta, finding the path isn't so easy, and also since the logon is part of a frame viewing source isn't as easy.

 

[SPYDERIX]

pbellc

I hope you realize this is not secure at all. Anyone coming to your site can simply view the source, get the user and pass info from your JS and then enter your site.

That's why I was asking about htaccess. Are you able to use it. It's much more secure.

Hope this helps!

Nate

http://www.mainframe-webdesign.com

 

[mkrausnick]

at

http://www.irt.org,

there are several articles about password protection by having the user enter a userid that is actually the root of an HTML document name. You place one file on the server for each user, and if user 'ABC' logs in successfully he/she is directed 'ABC.HTML', which can redirect them to the protected part of the site. If the user enters an invalid ID, they get a 404 error - &quot;Page not found&quot; and they presumably give up.

Still not totally secure, but better than embedding user ids in your HTML code. HTACCESS would be better yet.

Check it out.

Mike Krausnick
Dublin, California